On 25. Mar 2025, at 15.15, luis.neapolis--- via dovecot <dovecot@dovecot.org> wrote:
> 
> crypt_global_private_key main{
>  crypt_private_key_password=secret
>  crypt_private_key_file=
> }
> userdb ldap {
>    driver = ldap
> .....
>    fields {
>      mail_crypt_global_private_key/main/crypt_private_key_file=inline:%{ldap:key}
>    }
> }
> 
> lmtp(134879): Fatal: Raw user initialization failed: mail_crypt_plugin: nuovo: Couldn't parse private key : Unknown key format

The trouble is that the mail_crypt plugin always loads the keys at user 
initialization. That's fine for the actual user, which does the userdb lookup. 
However, we have an internal "raw user" which doesn't do a userdb lookup. The 
raw user sees from config that there is a private key configured, but the key 
is empty so it fails. I guess the nicest solution would be to delay 
initializing the keys until they're actually needed, but you can make it work 
already:

#crypt_global_private_key main {
#}
userdb ldap {
   driver = ldap
   fields {
      crypt_global_public_key_file=inline:%{ldap:pubkey}
      crypt_global_private_key=main
      crypt_global_private_key/main/crypt_private_key_file=inline:%{ldap:privkey}
      crypt_private_key_password=%{password}
   }
}

_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
